{"id":"CVE-2014-3710","details":"The donote function in readelf.c in file through 5.20, as used in the Fileinfo component in PHP 5.4.34, does not ensure that sufficient note headers are present, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted ELF file.","modified":"2026-01-27T04:12:45.664871Z","published":"2014-11-05T11:55:06Z","withdrawn":"2026-01-27T04:12:45.664871Z","related":["MGASA-2014-0439","MGASA-2014-0441","openSUSE-SU-2024:10221-1"],"references":[{"type":"ADVISORY","url":"http://linux.oracle.com/errata/ELSA-2014-1767.html"},{"type":"ADVISORY","url":"http://linux.oracle.com/errata/ELSA-2014-1768.html"},{"type":"ARTICLE","url":"http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html"},{"type":"ARTICLE","url":"http://lists.opensuse.org/opensuse-updates/2014-11/msg00113.html"},{"type":"ADVISORY","url":"http://rhn.redhat.com/errata/RHSA-2014-1765.html"},{"type":"ADVISORY","url":"http://rhn.redhat.com/errata/RHSA-2014-1766.html"},{"type":"ADVISORY","url":"http://rhn.redhat.com/errata/RHSA-2014-1767.html"},{"type":"ADVISORY","url":"http://rhn.redhat.com/errata/RHSA-2014-1768.html"},{"type":"ADVISORY","url":"http://rhn.redhat.com/errata/RHSA-2016-0760.html"},{"type":"ADVISORY","url":"http://secunia.com/advisories/60630"},{"type":"ADVISORY","url":"http://secunia.com/advisories/60699"},{"type":"ADVISORY","url":"http://secunia.com/advisories/61763"},{"type":"ADVISORY","url":"http://secunia.com/advisories/61970"},{"type":"ADVISORY","url":"http://secunia.com/advisories/61982"},{"type":"ADVISORY","url":"http://secunia.com/advisories/62347"},{"type":"ADVISORY","url":"http://secunia.com/advisories/62559"},{"type":"ADVISORY","url":"http://www.debian.org/security/2014/dsa-3072"},{"type":"ADVISORY","url":"http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html"},{"type":"ADVISORY","url":"http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html"},{"type":"ADVISORY","url":"http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"},{"type":"ADVISORY","url":"http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"},{"type":"ADVISORY","url":"http://www.securityfocus.com/bid/70807"},{"type":"ADVISORY","url":"http://www.securitytracker.com/id/1031344"},{"type":"ADVISORY","url":"http://www.ubuntu.com/usn/USN-2391-1"},{"type":"ADVISORY","url":"http://www.ubuntu.com/usn/USN-2494-1"},{"type":"FIX","url":"https://bugs.php.net/bug.php?id=68283"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1155071"},{"type":"FIX","url":"https://github.com/file/file/commit/39c7ac1106be844a5296d3eb5971946cc09ffda0"},{"type":"ADVISORY","url":"https://security.gentoo.org/glsa/201503-03"},{"type":"ADVISORY","url":"https://security.gentoo.org/glsa/201701-42"},{"type":"ADVISORY","url":"https://support.apple.com/HT204659"},{"type":"ADVISORY","url":"https://www.freebsd.org/security/advisories/FreeBSD-SA-14:28.file.asc"},{"type":"WEB","url":"http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=1803228597e82218a8c105e67975bc50e6f5bf0d"}],"schema_version":"1.7.3"}